Topic: Help modeling a User/Group permission structure
As a learning exercise, I've worked through some rails tutorials and am now trying to create something a little more complicated. I'm trying to extend a blog application into more of a cms with a basic user/group permission system.
Basically, I have Users, Articles and Groups. Users can have a role of either: Author or Viewer. Some articles are private and some are public. For private articles, I'd like to have a system where an article can be permissioned to either a group or to an individual user
or even both.
When a website visitor tries to access an article AND the article is 'Private', I'd like for the system to prompt the visitor to login. Once logged in, I want the system to then check if this user has permission to view the article. Permission being defined as: if this
user is either in a group that has permission to the article OR the user himself has explicit permission to that article.
Here's what I currently have - does this make sense? I'm mostly
struggling with the Article_Private_Access model (but I'm open to any other suggestions) and whether this is a good approach.
role (role is either 'Author' or 'Viewer')
access_type ('Private' or 'Public')
Article_Private_Access (** this serves to link Articles with permissioned Users or Groups)
access_type ('Group' or 'User')
access_id (this id would point to either a User record, or a Group record)
I'm just not sure whether to use the Article_Private_Access table and/
or how to model it. I was thinking this table would contain a list of
Users and/or Groups that had access to a particular Article. But I'm
a bit lost now....
Any help would be greatly appreciated.